Paul...another newbie. Help?

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

Hi there, I know you've gotten this many times...but Im new here and I dont exactly know how to read the TCP Port Scanner. I have 4 possible services connected...is that a bad thing? Should I shut them...and how?
Thanks so much! Justin

Starting Common Services TCP Port Scan ...
Connection Refused: Port 21 used by FTP.
ESTABLISHED CONNECTION: Possible SSH / secure shell service found on port 22.
Connection Refused: Port 23 used by Telnet.
ESTABLISHED CONNECTION: Possible SMTP / send mail / outgoing mail service found on port 25.
Connection Refused: Port 53 used by DNS.
Connection Refused: Port 69 used by TFTP / Trivial file transfer.
Connection Refused: Port 70 used by GOPHER.
Connection Refused: Port 79 used by FINGER.
Connection Refused: Port 80 used by HTTP / web servers.
Connection Refused: Port 110 used by POP3 / incoming mail.
ESTABLISHED CONNECTION: Possible SUNRPC / Sun portmapper service found on port 111.
Connection Refused: Port 135 used by EPMAP / Microsoft RPC - SMB file/print sharing.
Connection Refused: Port 137 used by NETBIOS-NS / NETBIOS Name Service.
Connection Refused: Port 138 used by NETBIOS-DGM / NETBIOS Datagram Service.
Connection Refused: Port 139 used by NETBIOS-SSN / NETBIOS Session Service.
Connection Refused: Port 143 used by IMAP / incoming mail.
Connection Refused: Port 194 used by IRC / Internet relay chat.
Connection Refused: Port 389 used by LDAP / lightweight directory access protocol.
Connection Refused: Port 407 used by TIMBUKTU.
Connection Refused: Port 443 used by HTTPS / secure HTTP (SSL).
Connection Refused: Port 445 used by MICROSOFT-DS / directory service, found on Win2k.
ESTABLISHED CONNECTION: Possible PRINTER / print spooler service found on port 515.
Connection Refused: Port 525 used by TIMED / time server.
Connection Refused: Port 546 used by DHCP Client.
Connection Refused: Port 547 used by DHCP Server.
Connection Refused: Port 554 used by RTSP / real time streaming (music).
Connection Refused: Port 1080 used by SOCKS / Internet proxy.
Connection Refused: Port 1214 used by Kazaa.
Connection Refused: Port 1433 used by MS-SQL / MSDE and SQL Server.
Connection Refused: Port 1723 used by PPTP / virtual private network (VPN).
Connection Refused: Port 1863 used by MSN Messenger.
Connection Refused: Port 5000 used by Microsoft UPnP.
Connection Refused: Port 5190 used by AOL Instant Messenger.
Connection Refused: Port 5631 used by pcAnywhere.
Connection Refused: Port 5678 used by Linksys Remote Administration 1.42.7 Vulnerability.
Connection Refused: Port 6346 used by Gnutella.
Connection Refused: Port 6347 used by Gnutella.
Connection Refused: Port 6665 used by IRCU / common IRC.
Connection Refused: Port 6666 used by IRCU / common IRC.
Connection Refused: Port 6667 used by IRCU / common IRC.
Connection Refused: Port 6668 used by IRCU / common IRC.
Connection Refused: Port 6669 used by IRCU / common IRC.
Connection Refused: Port 8080 used by HTTP-ALT / alternate HTTP (see port 80).
4 possible services were detected on your system.

Thanks again...

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Hi and welcome Jason. What is your OS?

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

Hi Paul...Windows. Windows XP and MSIE browser. Hope it helps, thanks...Justin

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Try the same scan again. I made some code changes just now.

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

This is what I get

Starting Common Services TCP Port Scan ...
Connection Refused: Port 21 used by FTP.
ESTABLISHED CONNECTION: Possible SSH / secure shell service found on port 22.
Connection Refused: Port 23 used by Telnet.
ESTABLISHED CONNECTION: Possible SMTP / send mail / outgoing mail service found on port 25.
Connection Refused: Port 53 used by DNS.
Connection Refused: Port 69 used by TFTP / Trivial file transfer.
Connection Refused: Port 70 used by GOPHER.
Connection Refused: Port 79 used by FINGER.
Connection Refused: Port 80 used by HTTP / web servers.
Connection Refused: Port 110 used by POP3 / incoming mail.
ESTABLISHED CONNECTION: Possible SUNRPC / Sun portmapper service found on port 111.
Connection Refused: Port 135 used by EPMAP / Microsoft RPC - SMB file/print sharing.
Connection Refused: Port 137 used by NETBIOS-NS / NETBIOS Name Service.
Connection Refused: Port 138 used by NETBIOS-DGM / NETBIOS Datagram Service.
Connection Refused: Port 139 used by NETBIOS-SSN / NETBIOS Session Service.
Connection Refused: Port 143 used by IMAP / incoming mail.
Connection Refused: Port 194 used by IRC / Internet relay chat.
Connection Refused: Port 389 used by LDAP / lightweight directory access protocol.
Connection Refused: Port 407 used by TIMBUKTU.
Connection Refused: Port 443 used by HTTPS / secure HTTP (SSL).
Connection Refused: Port 445 used by MICROSOFT-DS / directory service, found on Win2k.
ESTABLISHED CONNECTION: Possible PRINTER / print spooler service found on port 515.
Connection Refused: Port 525 used by TIMED / time server.
Connection Refused: Port 546 used by DHCP Client.
Connection Refused: Port 547 used by DHCP Server.
Connection Refused: Port 554 used by RTSP / real time streaming (music).
Connection Refused: Port 1080 used by SOCKS / Internet proxy.
Connection Refused: Port 1214 used by Kazaa.
Connection Refused: Port 1433 used by MS-SQL / MSDE and SQL Server.
Connection Refused: Port 1723 used by PPTP / virtual private network (VPN).
Connection Refused: Port 1863 used by MSN Messenger.
Connection Refused: Port 5000 used by Microsoft UPnP.
Connection Refused: Port 5190 used by AOL Instant Messenger.
Connection Refused: Port 5631 used by pcAnywhere.
Connection Refused: Port 5678 used by Linksys Remote Administration 1.42.7 Vulnerability.
Connection Refused: Port 6346 used by Gnutella.
Connection Refused: Port 6347 used by Gnutella.
Connection Refused: Port 6665 used by IRCU / common IRC.
Connection Refused: Port 6666 used by IRCU / common IRC.
Connection Refused: Port 6667 used by IRCU / common IRC.
Connection Refused: Port 6668 used by IRCU / common IRC.
Connection Refused: Port 6669 used by IRCU / common IRC.
Connection Refused: Port 8080 used by HTTP-ALT / alternate HTTP (see port 80).
4 possible services were detected on your system. For further help, please visit the CCSP Toolkit Forum

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Ok, I don't think your system is being scanned. What is the IP address the page says its scanning? Is that your IP Address?

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

the IP addresses are the same, in the "reveal your IP" and "TCP Port Scanner." Is there something that is going wrong? Ill have to resume this later tomorrow, thanks again for the help. Justin

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Hi Justin, ok, its good they are the same. Can you check if that matches what your computer's IP address is?

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

yeah, Ive checked a few times...all the IP's match up! Now what?

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Interesting that you get those ports open on a WinXP box... that is not common. That is typically more indicative of a solaris OS than any MS OS.

Run a 'netstat -an' for me in your DOS window and paste the results.

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

everytime I run a netstat -an, it flashes as if it completes the task then immediately closes...I cant even view the results. ???

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

Hi, you have to go to DOS first by typing in 'cmd'. Then at the window, type in the other command.

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Justin deLeon>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3757 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3856 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5101 0.0.0.0:0 LISTENING
TCP 10.1.22.5:139 0.0.0.0:0 LISTENING
TCP 10.1.22.5:3757 216.155.193.176:80 ESTABLISHED
TCP 10.1.22.5:3856 141.195.134.84:5101 ESTABLISHED
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3008 *:*
UDP 0.0.0.0:3013 *:*
UDP 0.0.0.0:3282 *:*
UDP 10.1.22.5:123 *:*
UDP 10.1.22.5:137 *:*
UDP 10.1.22.5:138 *:*
UDP 10.1.22.5:1900 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:3018 *:*
UDP 127.0.0.1:3251 *:*
UDP 127.0.0.1:3367 *:*
UDP 127.0.0.1:3492 *:*
UDP 127.0.0.1:3502 *:*
UDP 127.0.0.1:3673 *:*
UDP 127.0.0.1:3763 *:*
UDP 127.0.0.1:3772 *:*

C:\Documents and Settings\Justin deLeon>

alright, thanks...

Paul · Admin Joined: Feb 22, 2002 Posts: 4548 Location: USA

5101 eh? Check this out:

http://computercops.biz/postt11302.html

Lets step thru the others one at a time starting with a couple:

smtp and ssh, do you have an email server running and a secure shell server on that PC?

deleonj10 · Trooper Joined: Feb 27, 2004 Posts: 12 Location: Uk

ok Paul, right about the 5101, yahoo messenger. email server running and a secure shell server on my PC, I use yahoo mail and Im not sure what a secure shell server would be. Thanks for your patience Paul.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 476 pages served in previous 5 minutes. Page Generation: 0.505 seconds.